I Researched Privacy Policies So You Don’t Have To — Here’s Everything You Need to Know

Download Now: Free Website Optimization Checklist
Sam Lauron
Sam Lauron

Updated:

Published:

Website privacy policies may not be glamorous, but they’re critical, especially now that more people are concerned about data privacy.

woman researches website privacy polices

Research from Pew Research Center found that 67% of U.S. adults don’t understand what companies are doing with their personal data. And I don’t know about you, but I’ve found myself in this camp before, too. If it’s not clear why a company is collecting my data and what they’re using it for, I immediately lose trust and leave their website with a bad taste in my mouth.

Free Resource: Website Optimization Checklist [Download Now]

All that to say, privacy policies are critical to building trust with your customers. A document this important shouldn’t be overlooked. If you’re wondering how exactly to create a strong, easy-to-understand privacy policy for websites, I did the research for you.

Table of Contents

Legally speaking, there isn’t a single universal law around privacy policies. However, privacy policies are required in California by CCPA, the European Union by GDPR, and some other jurisdictions. Not to mention, 75% of the global population is expected to be protected by modern privacy regulations by the end of this year. This makes privacy policies essential if you want to be compliant with a majority of countries and their users.

A strong privacy policy should address the collection, use, sharing, and protection of users’ personal information, ensure compliance with privacy laws, and provide clear instructions for individuals to manage their data privacy preferences.

Free Website Optimization Checklist

This website optimization checklist will help you perfect your website's:

  • Performance
  • SEO
  • Security
  • Mobile Performance

    Download Free

    All fields are required.

    You're all set!

    Click this link to access this resource at any time.

    The Importance of Website Privacy Policies

    I talked to several attorneys and compliance experts about the importance of privacy policies, and one word repeatedly came up: trust.

    While privacy policies are first and foremost required by laws like GDPR and CCPA, they also help companies establish trust and communicate transparency with users. Data transparency is critical to establishing trust with your customers, especially when 94% of consumers feel it’s important to know how brands use their information.

    As Ray Marshall, VP, Legal, Compliance, & IT at Octopus Deploy, puts it: “If you expect customers to trust you with their personal data, you owe it to them to be transparent with what you're going to do with it.”

    Keeping your privacy policies updated is also important for instilling long-term confidence in your brand and products, says attorney Joseph F. Leeson of Leeson & Leeson.

    “Privacy policies ensure that users are continually informed about how their personal information is handled, further emphasizing the importance of maintaining an up-to-date and comprehensive privacy policy,” he says.

    I wanted to know exactly how to write a privacy policy. Is there a standard template most websites use? Are there key elements you must include?

    I turned to the experts to find out. Here are the steps to follow when writing a privacy policy for your website, according to privacy experts and attorneys.

    1. Use clear language and structure.

    While a privacy policy is a legal document, it should be straightforward and easy to understand. The attorneys I talked to say to avoid using complex legal language.

    “In most instances, the purpose of a privacy policy is to inform the end user, not to act as a rigid governance document,” says Marshall. “A policy that is so complicated and detailed that an end user cannot understand it is useless because what end user can consent to something that they cannot understand?”

    To keep your privacy policy clear and easy to follow, Jamie Wright, attorney and founder of The Wright Law Firm, recommends structuring your privacy policy for readability.

    “When developing a privacy policy for a tech startup, we divided it into sections with bullet points and headings for organization,” says Wright. “Additionally, we included a simplified summary alongside each section to help users grasp the ideas quickly.”

    2. Outline the types of personal information you collect.

    As you write your privacy policy, start by outlining the types of data you collect from users who visit your website. This can include information directly provided by the user and information gathered automatically (I’ll explain each of those methods further below).

    Data provided by the user can include any of the following:

    • Full name.
    • Email address.
    • Credit card number.
    • Account details (username and password).
    • Phone number.
    • Home address.

    Data that your company automatically collects through technology can include:

    • Location.
    • IP address.
    • Browser type.
    • Browsing history on the site (i.e., links clicked, pages visited).

    3. List the methods you use to gather this information.

    As I mentioned above, there are a few ways you can collect user information.

    The first is through manual collection. This is when the user provides the information themselves, whether through a submission form, by setting up an account, or making a purchase through your site.

    Another method is automatic collection, which refers to data collection that happens in the background. Your site may track users’ location and browsing history using cookies, for example. If you use cookies, this must be mentioned in your privacy policy.

    Pro tip: Cookies have their own requirements and standards, so it’s best practice to create a separate cookie policy on your website.

    You may also use third parties to collect data. For example, your company may use data from social media sites like Facebook or Instagram to track when a user logs in through those channels or whether they saw an ad there that led to visiting your site.

    how to write a privacy policy

    4. State the purpose of data collection.

    Next, let users know why you collect this information and what you use it for.

    “How far you go into the details will depend on what you're doing with the data,” suggests Marshall. “A company collecting data more extensively might need to go into more detail about the process.”

    The purpose may be to improve the website and user experience, or to provide users with personalized recommendations. You may collect data to contact users about promotions or purchases.

    Any and all reasons your company collects data should be listed here.

    5. Be transparent about if and how you share the data with third parties.

    Again, if you use third party sites to collect or share user data, it’s essential to state that in your website’s privacy policy.

    A common third-party service is Google Analytics. Some other third parties may include external service providers, legal teams, or business affiliates.

    6. Explain user rights.

    Speaking as a user, this section is probably the most important part of a privacy policy.

    Every privacy policy must allow users to consent to how their data is used and shared. Your policy should describe the steps individuals can take to limit the use and sharing of their information. This can include disabling cookies, updating personal information, or removing it from the site altogether.

    7. Include company contact information.

    Finally, every privacy policy needs to include company contact information. Users need to be able to reach out to the company with privacy-related questions or assistance with removing their personal data.

    “Any good privacy policy needs contact details,” says Marshall. “End users need some avenue to ask questions. Having basic contact details, such as a dedicated privacy email address, is such a small thing to add, but demonstrates walking the walk.”

    Privacy Policy Template

    Looking for a privacy policy template to use for your website? I put together a simple template below, based on the many examples I analyzed for this article.

    Disclaimer: I am not a lawyer! Consult a lawyer or compliance team if you are looking for a legally sound privacy policy.

    Effective Date: [insert last date updated here]

    Free Website Optimization Checklist

    This website optimization checklist will help you perfect your website's:

    • Performance
    • SEO
    • Security
    • Mobile Performance

      Download Free

      All fields are required.

      You're all set!

      Click this link to access this resource at any time.

      Privacy Statement

      Use this section to introduce the privacy policy and its purpose. You may also include a subsection for definitions of terms.

      Table of Contents

      • Use bullet points to outline the policy sections so users can easily navigate to the information they want to read.

      The Data We Collect

      List the personal information and user data your company gathers when a user visits your site. Examples of the type of data include:

      • Full name.
      • Email address.
      • Credit card number.
      • IP address.
      • Location.

      How We Obtain Data

      List the methods you use to collect user data. This includes third-party collection, automatic collection, or manual collection, such as when a user submits the information themselves.

      How We Use Data

      Use this section to state the purpose of data collection. List every way you use users’ information, such as to improve the website experience, provide personalized recommendations, or to send promotions.

      Data Retention and Storage

      Here you can explain how long you keep user data, how it’s stored, and the security measures you take to keep it protected.

      Third-Party Sharing

      In this section, outline if and how user information is shared with third-party services.

      User Preferences

      Here you should share how users can consent to data collection and usage. This should also outline the process for data removal, privacy preferences, and cookie limitations.

      Contact Information

      Include your company’s contact information. This can be a dedicated IT or privacy email, or a general contact form. Either way, it should be clear who users can contact for privacy-related questions or concerns.

      Create your website privacy policy with Content Hub.

      Privacy Policy Examples

      I don’t know about you, but I’m a visual person. Real-life examples help me fully grasp a concept, so I thought it would be helpful to include real privacy policy examples from companies doing it best.

      1. Pew Research Center

      During my research for this article, I came across Pew Research Center’s privacy policy on its website.

      pew research center privacy policy for website

      Image Source

      What I like about this one is that it’s informative while being easy to understand. Pew Research Center is an organization that revolves around data-driven research that helps users understand a range of topics — sometimes complex issues. Yet, its privacy policy is simple and easy to follow, in my opinion.

      The policy has a cohesive throughline and clear section headings that cover everything users would want to know, without using complex legal language.

      2. Google

      When I spoke with Ray Marshall at Octopus Deploy, he pointed me to Google’s privacy policy, and I’m glad he did.

      Google’s privacy policy is a strong example of how to make a policy that’s user-focused. As you scroll through the page, you can watch videos that explain the what, how, and why of Google’s data collection process. This interactive method is helpful for anyone who wants to learn more about data privacy and preferences without feeling like they’re reading a legal document.

      Google’s privacy policy for website

      Image Source

      3. Vimeo

      What I like best about Vimeo’s privacy policy is the table of contents. The lawyers I talked to for this article all emphasized the need for website privacy policies to be easy to follow and understand, and a table of contents is a great way to implement that.

      Vimeo privacy policy for website

      Image Source

      Think of Users When Creating a Privacy Policy For Your Website

      My biggest takeaway from my research is that privacy policies don’t have to be filled with complex legal jargon. In fact, the strongest privacy policies are user-friendly and easy to follow.

      If you’re creating a privacy policy for your website, put your users’ needs first. Be transparent about the type of data you collect and why. Make it easy for them to understand what their rights are when it comes to giving consent, and let them know how they can remove their information from your site if needed.

      Privacy policies are built on trust and transparency, so if you want to establish a trusting relationship with your customers, then your privacy policy shouldn’t be an afterthought.

      Free Website Optimization Checklist

      This website optimization checklist will help you perfect your website's:

      • Performance
      • SEO
      • Security
      • Mobile Performance

        Download Free

        All fields are required.

        You're all set!

        Click this link to access this resource at any time.

        Topics: Website Design

        Related Articles

        Access a free checklist to maximize your website's performance, SEO, and security.

          CMS Hub is flexible for marketers, powerful for developers, and gives customers a personalized, secure experience

          START FREE OR GET A DEMO